Managing cloud-based storage using a time-series database

ABSTRACT

The disclosed embodiments disclose techniques for managing cloud-based storage using a time-series database. A distributed cloud data management system (DCDMS) manages objects stored in a cloud storage system. The DCDMS leverages a distributed time-series database to track objects accessed via the DCDMS. During operation, the DCDMS receives a request to access an object using a path identifier and an object identifier. The DCDMS determines from the path identifier that the request is associated with one of its supported extended capabilities, and uses the previously tracked object operations that are stored in the time-series database to determine the actual target bucket in the cloud storage system that contains the requested object; the target bucket that contains the object may be different from the bucket identified in the path identifier that is received. The object identifier is then used to access the requested object from the target bucket to service the request.

RELATED APPLICATION

This application claims the benefit of U.S. Provisional Patent Application No. 62/722,892, by inventors Jian Xing, Qian Zhang, and John Richard Taylor, entitled “Managing Cloud-Based Storage Using a Time-Series Database,” filed 25 Aug. 2018, which is incorporated herein by reference.

BACKGROUND Field of the Invention

This disclosure generally relates to techniques for providing flexible and extensible network storage systems. More specifically, this disclosure relates to techniques for managing data stored in a cloud computing environment.

Related Art

Enterprise data centers typically include large numbers of storage devices that can be accessed using high-speed networks. However, the management overhead involved in maintaining a large number of storage devices can become substantial. For instance, maintaining data consistency, redundancy, and storage system performance in the presence of hard drive failures can involve substantial time, effort, and expertise.

Cloud-based computing storage vendors attempt to simplify storage management by providing large-scale remote network computing and storage solutions. Such vendors can leverage economies of scale to provide extensive and flexible computation services and data storage capacity that can be leased and accessed by clients. Clients can leverage such storage solutions to offload storage management overhead and to quickly and easily increase their data storage capacity on an as-needed basis. However, the advantages of flexible cloud-based data storage capacity make it a valuable commodity that can command premium pricing. For instance, cloud computing vendors may provide clients with an initial fixed amount of data storage space that can grow with client needs, but then charge substantial storage fees when such additional storage space is actually used. Such additional storage costs may be worth the additional expense for clients experiencing a sudden increase in business and/or storage traffic (especially in comparison with the alternative of running out of storage space!), but can substantially increase client costs.

Hence, what is needed are techniques for managing cloud-based storage capabilities without the above-described problems of existing techniques.

SUMMARY

The disclosed embodiments disclose techniques for managing objects stored in a cloud storage system. A distributed cloud data management system (DCDMS) that is layered upon a cloud storage system presents client applications with an abstraction of buckets of stored objects and manages how these stored objects are stored in the cloud storage system. In addition, the DCDMS provides additional extended capabilities that are not directly supported by the cloud storage system. To do so, the DCDMS leverages a distributed time-series database that executes on multiple, distinct compute nodes to collectively track client object requests received by the DCDMS. During operation, the DCDMS receives a request to access an object using a path identifier and an object identifier. The DCDMS determines from the path identifier that the request is associated with one of its supported extended capabilities, and uses the previously tracked object operations that are stored in the time-series database to determine the actual target bucket in the cloud storage system that contains the requested object; the actual target bucket that contains the object may be different from the bucket identified in the path identifier that is received. The object identifier is then used to access the requested object from the identified target bucket to service the request.

In some embodiments, the extended capabilities supported by the DCDMS include:

-   -   Snapshot operations that enable client applications to record         the object state for the objects in a bucket at a specified         point in time;     -   Clone operations that enable client applications to create a         virtual copy-on-write duplicate of a bucket and the objects         associated with the bucket at a given point in time; and     -   Roll-back operations that enable client applications to revert         the object state for the objects that are associated with a         bucket to an earlier point in time.

In some embodiments, the DCDMS is layered on top of a cloud storage system that provides extensible, but expensive, storage capabilities that can scale to meet client needs. The DCDMS deduplicates object data being stored to the cloud storage system to reduce the storage cost associated with using the cloud storage system.

In some embodiments, the distributed time-series database is distributed across multiple distributed database instances that execute on the multiple, distinct compute nodes. Any of these distributed database instances can receive and record object access tracking information or perform the meta-data operations needed for snapshot, clone, or roll-back operations (also referred to as bucket-level operations, vs. object-level accesses); the multiple distributed database instances use election-based techniques to ensure that a quorum number of distributed database instances have successfully acknowledged pending operations and/or access requests before such requests are considered committed. The DCDMS uses the time-series database to track when objects are created, accessed, updated, and deleted, and each distributed database instance distributes tracking information for every object access and bucket-level operation to the other distributed database instances.

In some embodiments, tracking object metadata in the distributed time-series database facilitates rapidly determining object existence, state, and version information for specific time instances without needing to scan object tables or a filesystem. The distributed time-series database uses the path identifier and the object identifier as search keys when searching the tracked object metadata to find the target bucket for the requested object.

In some embodiments, the DCDMS receives a client request to snapshot, or record the object state for, the objects in a bucket at a specified point in time. In carrying out this request, the DCDMS stores in the distributed time-series database a set of metadata that references the existing objects of the bucket that are valid at the specified point in time. This metadata is associated with a virtual snapshot bucket that has a distinct path that can be used by client applications to access the snapshotted state of the bucket. Note that the snapshot operation does not create any additional copies of the existing objects in the bucket when performing the snapshot operation.

In some embodiments, a request received after the snapshot operation contains a path identifier and object identifier that specify an object in the virtual snapshot bucket. The DCDMS determines the target bucket in the cloud storage system that contains the requested object by analyzing the object identifier and the object metadata associated with the virtual snapshot bucket. The DCDMS determines that the target bucket is either the original bucket (that was snapshotted) or an ancestor of that bucket (e.g., if the original bucket was a snapshot, clone, or roll-back of another bucket), and accesses the requested object from the target bucket.

In some embodiments, the DCDMS uses the time-series database to track the set of objects that are valid in the bucket at any specified point in time, and the DCDMS uses this tracked object access data to ensure that objects that were no longer valid in the bucket at the time of the snapshot, objects that were created in the bucket after the snapshot time, and modified versions of objects that written to bucket after the snapshot time are not considered valid objects in the context of the virtual snapshot bucket.

In some embodiments, the DCDMS receives a client request to clone the objects in a bucket at a specified point in time. When carrying out this request, the DCDMS creates a clone bucket in the cloud storage system that has a distinct path that can be used by client applications to access the cloned version of the bucket. The DCDMS also stores in the distributed time-series database a set of metadata that references the existing objects of the bucket that are valid at the specified point in time, and associates this metadata with the clone bucket. Note that, as for the snapshot operation, the DCDMS does not create any additional copies of the existing objects in the bucket when performing the clone operation.

In some embodiments, new objects can be written to the clone bucket and the original bucket independently, with the distributed time-series database tracking which new objects are written to each bucket respectively. The DCDMS uses the object tracking data from the time-series database to ensure that new objects written to the original bucket after the clone operation are not visible from the context of the clone bucket, and vice versa. When the path identifier for a request matches the path of the clone bucket, the DCDMS determines the target bucket in the cloud storage system that contains the requested object by analyzing the object identifier and the object metadata associated with the clone bucket. If the object identifier specifies an object that was created or modified after the clone operation occurred, the DCDMS determines that the target bucket is the clone bucket and accesses the requested object from that bucket. Otherwise, the target bucket is determined to be either the original bucket or an ancestor of that bucket, from which the requested object is then accessed.

In some embodiments, the DCDMS receives a request to delete an object from the clone bucket. Objects can be deleted from the clone bucket and the original bucket independently, and the distributed time-series database tracks such deletions. The DCDMS updates the object metadata in the time-series database to indicate the deletion from the target bucket; the object remains valid in the context of the bucket where it was not deleted and is typically not completely deleted from the cloud storage system to ensure that other references to the object are not broken and to enable potential subsequent roll-back operations that include that object.

In some embodiments, the DCDMS receives a client request to revert (“roll back”) the object state for the objects in a bucket to a specified earlier point in time. In carrying out this request, the DCDMS creates a roll-back bucket in the cloud storage system that has a distinct path that can be used by client applications to access the earlier version of the bucket. The DCDMS analyzes the object creation, update, and delete records for the original bucket that are stored in the distributed time-series database to determine the versions of objects that were valid for the given bucket at the earlier point in time. A set of metadata that references these existing valid objects is stored in the time-series database and associated with the roll-back bucket. Note that, as for the snapshot and clone operations, the DCDMS does not create any additional copies of the existing objects in the bucket when performing the roll-back operation.

In some embodiments, new objects can be written to the roll-back bucket and the original bucket independently, with the distributed time-series database tracking which new objects are written to each bucket, respectively. The DCDMS uses the object tracking data from the time-series database to ensure that objects that were written to the original bucket after the specified earlier point in time and new objects written to the original bucket after the roll-back operation are not visible from the context of the roll-back bucket, and that new objects written to the roll-back bucket are not visible via the original bucket. When the path identifier for a request matches the path of the roll-back bucket, the DCDMS determines the target bucket in the cloud storage system that contains the requested object by analyzing the object identifier and the object metadata associated with the roll-back bucket. If the object identifier specifies an object that was created or modified after the roll-back bucket was forked from the original bucket, the DCDMS determines that the target bucket is the roll-back bucket and accesses the requested object from that bucket. Otherwise, the target bucket is determined to be either the original bucket or an ancestor of that bucket, from which the requested object is then accessed.

In some embodiments, performing a roll-back operation involves determining a set of existing snapshot operations that have been taken in the past for the original bucket (that was most recently a target of a bucket-level operation), analyzing previous snapshot operations for that bucket to determine a snapshot bucket that is close to the earlier point in time, and then using that previous snapshot as a source for the roll-back operation. More specifically, the DCDMS creates a roll-back bucket copying the metadata from the previous snapshot. All of the snapshot bucket, original bucket, and the new roll-back buckets are distinct and can be accessed separately by client applications; new objects can be written to the roll-back bucket independently of the snapshot bucket, the original bucket, and any other ancestors of the snapshot and original buckets.

In some embodiments, multiple successive snapshot, clone, and roll-back operations can be applied to a bucket and descendants of that bucket (e.g., snapshotted, cloned, or rolled-back versions of that same bucket), creating a hierarchy of snapshot, clone, and roll-back buckets that all share the same root bucket. The DCDMS tracks and analyzes the object metadata for such hierarchies of buckets as needed to determine the correct target bucket for each given client request based on the provided object identifier and the path identifier.

In some embodiments, one or more client applications simultaneously access the same object in the same target bucket via different distinct paths for different clone, rollback, and snapshot buckets. The meta-data in the distributed time-series database determines for each respective object access (via different distinct paths) that the mapping for each different object access refers back to the same object in that same target bucket.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 illustrates an exemplary scenario in which a cloud data management service manages data flows between clients and a cloud storage system in accordance with an embodiment.

FIG. 2 illustrates an exemplary logical view of cloud storage contents from the perspective of a cloud management service that uses a time-series database to manage objects stored in cloud storage system in accordance with an embodiment.

FIG. 3A illustrates a logical view of how a time-series database can logically track the set of valid object references for a snapshot operation in accordance with an embodiment.

FIG. 3B illustrates a logical view of how a time-series database can track the set of valid object references for a clone operation in accordance with an embodiment.

FIG. 3C illustrates a logical view of how a time-series database can logically track the set of valid object references for a roll-back operation in accordance with an embodiment.

FIG. 4 illustrates a more detailed configuration of the cloud management service of FIG. 1 in accordance with an embodiment.

FIG. 5 illustrates a logical view of a distributed log for the cloud management service in accordance with an embodiment.

FIG. 6 presents a flow chart that illustrates the process of managing cloud-based storage using a time-series database in accordance with an embodiment.

FIG. 7 illustrates a computing environment in accordance with an embodiment.

FIG. 8 illustrates a computing device in accordance with an embodiment.

DETAILED DESCRIPTION

The following description is presented to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present invention. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.

The data structures and code described in this detailed description are typically stored on a non-transitory computer-readable storage medium, which may be any device or non-transitory medium that can store code and/or data for use by a computer system. The non-transitory computer-readable storage medium includes, but is not limited to, volatile memory, non-volatile memory, magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact discs), DVDs (digital versatile discs or digital video discs), or other media capable of storing code and/or data now known or later developed.

The methods and processes described in the detailed description section can be embodied as code and/or data, which can be stored in a non-transitory computer-readable storage medium as described above. When a computer system reads and executes the code and/or data stored on the non-transitory computer-readable storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the non-transitory computer-readable storage medium.

Furthermore, the methods and processes described below can be included in hardware modules. For example, the hardware modules can include, but are not limited to, application-specific integrated circuit (ASIC) chips, a full-custom implementation as part of an integrated circuit (or another type of hardware implementation on an integrated circuit), field-programmable gate arrays (FPGAs), a dedicated or shared processor that executes a particular software module or a piece of code at a particular time, and/or other programmable-logic devices now known or later developed. When the hardware modules are activated, the hardware modules perform the methods and processes included within the hardware modules.

Leveraging Cloud-Based Storage

Storage scalability can become problematic for enterprises when data needs out-scale the capabilities of a datacenter. While storage capacity can be over-provisioned, failures or unanticipated volumes of data traffic can cause situations where new storage devices cannot be brought online quickly enough to satisfy data demands. A number of “cloud-based storage” vendors (also sometimes referred to as “cloud storage providers”) attempt to simplify storage management by providing large-scale network storage solutions. Such vendors leverage economies of scale to provide data centers with extensive data storage capacity that can then be rented and accessed by clients, thereby allowing clients to offload storage management overhead and easily increase their data storage allotment on an as-needed basis. Clients can store and retrieve data via well-known data access APIs (application programming interfaces) (e.g., the Amazon S3 API).

The advantages of flexible cloud-based data storage capacity make it a valuable commodity that can command premium pricing. For instance, cloud computing vendors may provide clients with an initial fixed amount of data storage space that can grow with client needs, and then charge substantial storage fees when additional flexible storage space is actually used. Such additional storage costs may be worth the additional expense for clients experiencing a sudden increase in business and/or storage traffic (especially in comparison with running out of storage space!), but can substantially increase client costs. Cloud computing vendors providing these services have incentive to increase the value of storage capabilities by adding additional capabilities (e.g., improving durability, availability and scalability, and building in-cloud machine learning capabilities that can operate upon data stored in their cloud storage services and hence encourage clients to use more cloud data storage capacity), but do not have much incentive to apply techniques that reduce the amount of data that is stored in a cloud storage services (because this would reduce their profits).

In some embodiments, a distributed cloud data management system operates as a layer on top of a cloud storage system. This cloud data management system provides a number of additional services that can include:

1) enabling deduplication of data being stored in the cloud storage system; 2) building enhanced distributed filesystem abstractions on top of the cloud object storage API; and 3) providing additional capabilities that extend an underlying cloud object storage system (e.g., clone, roll-back, and snapshot functionalities).

FIG. 1 illustrates an exemplary scenario in which a cloud data management service 100 manages data flows between clients 120-124 and a cloud storage system 102. Cloud storage system 102 and cloud data management service 100 operate in a cloud computing environment 104, and can provide data services to clients that execute both inside (client 122) and outside (clients 120 and 124) of the cloud computing environment 104. Cloud data management service 100 comprises multiple management nodes 110-112 that execute services that interact with each other and cloud storage system 102 to provide data management services and service client requests.

In some embodiments, each management node (e.g., 110-112) may execute multiple services that comprise one or more “layers of functionality.” For instance, an interface service 114 (sometimes also referred to as the access layer, or access service) may execute a number of “docker containers” that can accept client data requests via a wide range of different protocols (e.g., including, but not limited to, a native cloud object protocol such as the Amazon S3 interface, as well as other data access APIs such as Hadoop, NTFS, and CIFS). Docker containers (or “dockers”) provide a lighter-weight solution (as compared to separate virtual machines, or “VM”s) that facilitates automating the deployment of multiple related applications (sometimes referred to as “microservices”) inside distinct software containers that all operate within a single virtual machine and can communicate with each other using standard networking protocols (e.g., via Linux namespaces and IP-layer network protocols). Allowing independent containers to run within a single virtual machine avoids the cost and overhead of starting and maintaining multiple virtual machines. Note that such docker containers execute in isolation and leverage operating system kernel resources to communicate; containers can be provisioned and provided with an abstraction of their own process space and interfaces, and can be constrained to use a specific defined amount of resources (e.g., CPU, memory, and network or other I/O bandwidth).

In some embodiments, data received via interface service 114 is then processed by a distributed data caching service 116. For instance, each distributed data caching service 116 may: 1) break received data into regular-sized (e.g., 4 KB) blocks; 2) cache received and/or requested data blocks; and 3) perform deduplication upon new blocks received from clients. Breaking received data into smaller data blocks and performing deduplication may involve using additional compute resources, but the cost of extensible cloud data storage (e.g., elastic block storage, or EBS, in the S3 environment) is typically much higher than the cost of leveraging additional computing capabilities in the cloud computing environment, so this trade-off is often beneficial if there are likely to be duplicate data blocks in received data sets.

In some embodiments, a distributed database service 118 on multiple management nodes stores metadata for data that is being managed by cloud data management service 100. For instance, distributed database service 118 may be used to track which management nodes are currently caching which specific blocks of data, so that cached data can be efficiently accessed from a peer node instead of cloud storage system 102 when possible. Furthermore, multiple instances of distributed database service 118 on different nodes may be configured to serve as a “time-series database” that tracks how data stored to cloud storage system 102 via cloud data management service 100 has evolved over time and provides additional data capabilities that enhance cloud storage system 102; such capabilities are described in more detail in the following section. The multiple instances of distributed database service 118 may also be used to manage and/or load-balance other services (not shown) that execute on the management nodes of cloud data management service (also described in more detail in a following section).

In summary, a cloud data management service tracks, transforms, and caches data received from clients and then stores this data into any cloud storage system (i.e., the disclosed techniques are not tied to any particular cloud storage vendor). This stored data can then subsequently be accessed by cloud or non-cloud clients, for instance to perform data analytics, indexing, or any other desired processing. Note that, as illustrated in FIG. 1, cloud data management service 100 is a distributed platform. For example, multiple clients may simultaneously interact with dockers in the interface services 114 of different management node, and all instances of distributed database services 118 that are executing across the cluster of management nodes communicate and work cooperatively to provide a scalable and fault-tolerant data management service. To this end, cloud data management service 100 may require at least three management nodes to provide redundancy and support a quorum-based update technique, and typically will scale to a substantially larger number of management nodes to support large-scale, geographically-distributed applications.

Providing Object Capabilities Using a Time-Series Database

As described in the previous section, a cloud-based data management service can be wrapped around a cloud storage system to provide additional storage capabilities and store data more compactly. Cloud storage systems often perform storage operations at the granularity of “objects,” i.e. opaque blobs of data that are simpler than and support fewer operations than files, and hence are easier to scale horizontally. The contents and format of each object may be application specific, and objects may be stored in a hierarchy. For instance, the Amazon S3 cloud storage system has a concept of folders and buckets into which groups of objects can be stored. Some applications may be implemented to consider and store files as objects, while other applications may be implemented to structure and access objects differently from files. Note that the object abstraction is different from a file-based approach—files in a typical filesystem may be truncated or modified/rewritten frequently. Objects more typically will not be modified; instead, a new version of the object is created. Hence, while a filesystem will typically only include one most-recent version of a file, an object store may store multiple versions of the same object over time.

In some embodiments, a cloud-based data management service leverages a distributed database (e.g., Apache Cassandra) to provide additional capabilities and filesystem abstractions on top of an object-based cloud storage system. More specifically, the distributed database serves as a “time-series database” that tracks whenever objects are created or updated. Tracking object operations enables queries and capabilities that depend on being able to identify the existence, state, and version of stored objects at a certain timeframe. For example, additional “bucket-level” object-store capabilities that are enabled by a time-series database include snapshot, cloning, and roll-back operations. Snapshots allow applications to record object state at specified points in time, while cloning creates a (virtual) duplicate copy of a set of objects. Roll-backs allow applications to revert to an earlier set of objects (or a cloned set of objects) if desired.

FIG. 2 illustrates an exemplary logical view of the contents of a cloud storage system from the perspective of a cloud management service that uses a time-series database to manage objects stored in cloud storage system 102. In the context of one exemplary cloud storage system, objects can be grouped in hierarchical levels buckets based on object names (e.g., with backslashes or slashes indicating hierarchy, as in many filesystems). In the scenario of FIG. 2, the cloud management service manages and tracks operations upon objects in two top-level buckets 200 and 210 named “/BAR” and “/FOO,” respectively.

During operation, client applications operating upon these buckets send requests to add new objects to buckets and access existing objects in buckets. As the cloud data management service receives such requests it updates the tables of the time-series database (i.e., in the distributed database services 118 of the management nodes of FIG. 1) to include time stamps and other tracking information associated with the requests, including but not limited to the objects and buckets associated with the requests and the object data included in the requests (if any). Note that for these types of requests the cloud data management service provides an API that is substantially the same as that of the cloud storage system(s) upon which it is layered, although the cloud data management service does not necessarily just pass these requests through as-is to underlying cloud storage system 102, but may perform additional operations upon them (e.g., fragment object data for deduplication purposes and create multiple distinct fragmented objects in the cloud storage system instead of one object as received). In addition, the cloud data management service also supports additional APIs that enable client applications to invoke the additional capabilities offered by the cloud data management service.

The logical view in FIG. 2 includes several additional buckets that were created and/or supported by the cloud data management service in association with the /BAR bucket 200 and the /FOO bucket 210. These buckets include a snapshot 202 of the /BAR bucket 200 at a specific time X, a roll-back 204 that rolls back bucket 200 to another specific time Y, and a clone of bucket 210 to a third time Z. These buckets, their relation to their parent buckets, and their use are described in more detail in the following paragraphs.

In some embodiments, a time-series database enables performing snapshots upon an object store at specified times, thereby allowing clients to subsequently access those objects as if they were accessing the object store at those specific points in time. The time-series database stores a set of metadata that enables this functionality while minimizing the amount of data that needs to be stored in the underlying cloud storage system to support such capabilities. Consider, for instance, the snapshot 202 taken at time X of the /BAR bucket 200 that is illustrated in FIG. 2. The cloud management service can leverage the time-series database to make snapshot 202 appear as another independent bucket that contains the specified data, but then leverage the contents of bucket 200 so that objects do not need to be copied (and hence do not consume additional space). FIG. 3A illustrates a logical view of the time-series database maintaining a set of tables for snapshot 202 that refer to the set of valid objects in bucket 200 at the specified time of the snapshot (time X). Note that bucket 200 also stores a set of objects that are no longer valid at the time of the snapshot, and may also receive and store other objects that are added after the time of the snapshot; the time-series database maintains records of these additional objects for bucket 200, but look-ups based on time-series history would determine that these objects are not relevant in the context of snapshot 202. A client accessing the snapshot bucket 202 via the cloud data management service would see the objects in the virtual bucket as if they were a separate, distinct bucket in cloud storage system 102.

In some embodiments, a time-series database enables cloning collections of objects, thereby effectively creating a snapshot that can also still be extended independently of the original parent bucket (e.g., “forked”). As described for snapshots above, the time-series database stores a set of metadata that enables this functionality while minimizing the amount of duplicate data that needs to be stored in the underlying cloud storage system. More specifically, the time-series database operation can support copy-on-write cloning, so that all objects that exist at the time of cloning can be referenced via the parent bucket, while new objects that are stored after the cloning operation are stored and accessed from the clone bucket. Hence, at the time a bucket is cloned, the cloud data management system may create a new bucket and write a record in the time-series database to indicate that the parent bucket has been cloned, but does not actually copy any of the cloned objects to the clone bucket (e.g., the clone bucket in the cloud storage system will start out empty, or might not even be actually created until a first new object is written to the clone bucket). Note that these copy-on-write semantics allow clone operations to execute very quickly, because such operations do not need to wait for copy operations to complete.

FIG. 3B illustrates a parent bucket (/FOO bucket 210) and a clone bucket (clone bucket 212, which clones the /FOO bucket 210 at time Z). A client attempting to access objects needs to specify a target starting bucket that will determine the search path for the object; for the example of FIG. 2, when a client requesting an object specifies clone bucket 212, the cloud data management service uses the object metadata stored in the time-series database to determine whether the requested object should be retrieved directly from clone bucket 212 or if it is stored in (and should be retrieved from) parent bucket 210. Note that cloned buckets may have multiple levels of ancestors; records can be written to the time-series database that indicate this hierarchy and multiple levels of parent buckets, and this metadata can be traversed to find the correct bucket for a desired object based on the context of the request (e.g., the target starting bucket and an object path/identifier). Note that new objects will also be written to the specified bucket based on the bucket that is specified in the request. For instance, in the example of FIGS. 2 and 3B, clients accessing bucket 210 directly will store new objects there, while clients that access clone bucket 212 will store new objects in clone bucket 212. Note that cloning affects the deletion of objects, because an object being deleted in the context of a parent bucket may still be valid and accessible in a clone bucket. The time-series database can be configured to track deleted objects; for instance, when a client accessing the parent bucket directly deletes an object, the metadata in the time-series database may be updated to indicate that object no longer exists and cannot be accessed in the context of (direct accesses to) the parent bucket, but that same object may still be accessible if accessed from an earlier snapshot or via clone buckets that refer back to the parent bucket. Deleted objects may also be preserved even if not accessed by snapshots or clone buckets, to still allow roll-back operations (described below) to an earlier time in which those objects still existed.

In some embodiments, a time-series database leverages aspects of snapshots and cloning capabilities to support roll-back operations that allow clients to undo operations and return to an earlier object- and bucket-state. As described above, a time-series database can be used to track when objects are created and updated, which enables searching for versions of objects that were valid at any specified time. These capabilities allow the cloud data management service to create (and re-create) snapshot and clone buckets for previous points in time, thereby enabling the ability to create a roll-back bucket that reflects the state of a given bucket at some previous point in time. In some embodiments the cloud data management service can use the time-series database to reconstruct object state at any user-requested time (e.g., go back in time to that specified time by accessing object time-stamps in the time-series database to create a snapshot bucket for that specific time), while in some other embodiments the set of roll-back options may be limited to finding a snapshot of the bucket that is closest in time to the request (potentially with a user choice of whether the closest preceding or subsequent snapshot would be preferred as well). As described for the cloning operation above, a roll-back operation may create a new bucket that points to the selected snapshot but use copy-on-write techniques to ensure that the operation does not involve copying any existing objects.

FIG. 3C illustrates an exemplary roll-back bucket 204 in the context of the scenario illustrated in FIGS. 2 and 3A. FIG. 3C illustrates the parent /BAR bucket 210 and the snapshot bucket 202 of the /BAR bucket 200 that was taken at time X. Upon receiving a request from a client to roll back to time X, the cloud data management service creates roll-back bucket 204, which references snapshot 202 and the objects that were valid in parent bucket 200 at time X via snapshot 202. As with the clone bucket example of FIG. 3B, clients writing objects to the rolled-back context (i.e., to roll-back bucket 204) will have those objects stored in roll-back bucket 204. Note that, as described previously, many different applications may simultaneously access multiple different versions of objects, and that the request for and creation of a roll-back bucket does not prevent other clients from continuing to access the present version of objects (or other rolled-back timeframes in other snapshots and/or roll-back buckets). Other objects that are written to bucket 200 in the present time and unrelated to the rolled-back context will be written to bucket 200 and are not visible from the context of roll-back bucket 204.

The above-described snapshot, clone, and roll-back techniques involve preserving and accessing different versions of objects. Database structures are leveraged to track and manage such time-series information in a manner that would be substantially more challenging or even impossible in a traditional filesystem. The cloud data management service can also mitigate space limitations associated with preserving multiple versions of similar objects in (expensive) elastic cloud storage services using the previously-described deduplication capabilities (e.g., two objects that differ only slightly will ideally be broken into segments and/or deltas in a way that does not take substantially more space than either object individually). However, tracking a large set of objects that are stored in a cloud storage system and being accessed by a large number of geographically-distributed clients requires a high-availability, scalable database. In some embodiments, the time-series database comprises a distributed, high-availability web-scale database (e.g., Apache Cassandra).

As illustrated in FIG. 1, the time-series database is distributed across multiple management nodes to ensure that no individual node can become a single point of failure. Nodes receiving objects and/or object requests distribute tracking information for every operation to the other database nodes, and all records in the database are associated with time stamps that indicate when objects were received and/or operated upon. The distributed database may require at least three active nodes to perform operations, with each node acting as a possible point of entry for new objects and related client operations. The database nodes leverage an election-based technique that requires a quorum number of nodes to respond and acknowledge updates (and/or agree upon a record value) before committing to an update to ensure that a majority of nodes are available to make an update persistent while not requiring every node to be available (which becomes increasingly difficult as the size of the system and the number of nodes scales). Note that distributed databases offer capabilities that are different from traditional SQL databases, with some constraints being relaxed or simplified to enhance scalability (e.g., supporting SQLlite queries that provide a subset of SQL search capabilities). Note also that layering object storage capabilities on top of an existing object-based cloud storage system is distinct from building an object store on top of a filesystem (e.g., on top of a linux filesystem or a distributed filesystem such as CIFS). Traditional filesystems involve more complex infrastructure for locating data blocks (e.g. inode tables, etc), and like traditional SQL databases are limited in scalability. Tracking object metadata in a distributed database facilitates rapid look-ups of object time characteristics without the time overhead of having to scan entire object tables. For instance, search keys may include a bucket name, object name/path, and time stamp; the distributed nodes can perform such searches to quickly identify the correct versions of objects and return them to requesting clients.

FIG. 6 presents a flow chart that illustrates the process of managing cloud-based storage using a time-series database. As described above, a DCDMS that is layered upon a cloud storage system presents client applications with an abstraction of buckets of stored objects and manages how these stored objects are stored in the cloud storage system. In addition, the DCDMS provides additional extended capabilities that are not directly supported by the cloud storage system. To do so, the DCDMS leverages a distributed time-series database that executes on multiple, distinct compute nodes to collectively track client object requests received by the DCDMS. During operation, the DCDMS receives a request to access an object using a path identifier and an object identifier (operation 600). The DCDMS determines from the path identifier that the request is associated with one of its supported extended capabilities, and uses the previously tracked object operations that are stored in the time-series database to determine the actual target bucket in the cloud storage system that contains the requested object (operation 610); the actual target bucket that contains the object may be different from the bucket identified in the path identifier that is received. The object identifier is then used to access the requested object from the identified target bucket to service the request (operation 620).

In some embodiments, a cloud-based data management service can be leveraged to develop and support large-scale distributed applications. Consider, for instance, a video storage and enhancement application that is executed in a cloud computing environment via the cloud-based data management service. This application may be configured to store videos and video metadata in the storage of the cloud computing environment, and allow users to tag videos with various attributes in real time, as the videos are being submitted. In some scenarios, the actual video data and attributes might be submitted using standard cloud computing interfaces, while the additional disclosed capabilities and abstractions can be invoked by developers for development, testing, and backup purposes. For instance, a developer debugging or testing an aspect of the live system (e.g., as it is currently receiving new content from users) may take a snapshot of one or more buckets to create a fixed, unchanging view of the data at a given point, thereby simplifying the analysis and debugging process (in contrast with trying to debug a system containing a constantly changing set of content). The developer may also clone such buckets to make changes and adjustments to the data for testing purposes without risking corrupting the original set of data.

Similarly, an analyst executing a system analysis workflow may also use the snapshot capability for one or more buckets to freeze and analyze the set of stored content at a given point in time. As described above, the disclosed techniques create the snapshot instantly without copying the underlying data, thereby allowing snapshots to be created and analyzed without any additional delay. The system can be also be configured to take regular snapshots for backup and recovery purposes. For instance, if the system is configured to take hourly backup snapshots, a user who accidently deletes data can, instead of losing all of their work, can roll back to the most recent snapshot to recover their data and continue from where they left off. Similarly, if at some point the application determines that the data or metadata set has become corrupted due to a failure and/or bug, the data can be rolled back to an earlier timeframe in which the dataset still had integrity. Note that this process may involve iteratively checking multiple roll-back points to perform integrity checks, or even simultaneously checking multiple roll-back points in parallel.

In summary, a cloud-based data management service can leverage a distributed database to provide additional capabilities and filesystem abstractions on top of a cloud object storage system. This distributed database can act as a time-series database that supports operations such as snapshots, cloning, and roll-backs for objects stored in buckets in the cloud storage system. The object and bucket metadata tracked in the time-series database facilitates using copy-on-write techniques that allow existing objects to be referenced from parent buckets without having to copy (and store duplicates of) objects that are created during such operations, thereby reducing the amount of space that is needed in the cloud storage system. Note that the timeline of object accesses that are stored in the time-series database enable all of the above-described functionality.

Multi-Node Management

The previous section describes a set of capabilities that can be provided to clients via a cloud data management service. While appearing to be a single logical service from the client perspective, the cloud data management service comprises multiple different services that execute simultaneously across multiple distributed management nodes (as illustrated in FIG. 1 and described above) to provide web-scale infrastructure. However, managing all of the services that are collectively provided by these distributed nodes can become complex as the number of nodes scales. In some embodiments, the cloud data management service leverages the distributed database to provide multi-node management for the service instances executing on the management nodes.

FIG. 4 illustrates an exemplary configuration of the cloud data management service 100 of FIG. 1 in slightly more detail, showing a larger number of management nodes 109-113. Each node executes in the context of its own virtual machine (e.g., in the context of the S3 cloud computing environment, each management node might execute as an AMI, or Amazon machine image). Note that while one illustrated management node 112 includes three services 114-118, not all of the nodes need to include all of these services nor are they limited to executing just those three services. For instance, some management nodes might execute instances of all, some, or none of these three services, and may also provide additional services (not illustrated) that support cloud data management service 100. Distributed database service instances may execute on multiple nodes, but not necessarily all of the nodes, and are configured to create, monitor, and maintain a status view of the entire cluster of management nodes and services. At any point in time, a node can query the distributed database (via any management node that is executing an instance of the distributed database) on the status of the cluster, including but not limited to:

-   -   the set of nodes that are participating in the cloud data         management service, which services are executing on each node,         and each node's current operating status (e.g., when each         service and/or node last communicated with the cluster, progress         updates, etc.);     -   how many and which service instances are currently executing in         the cloud data management service for each specific service,         which nodes (and/or sets of nodes) they are executing on, their         status, and which service instance are currently collaborating         with one another;         Hence, the distributed database serves as a central (but         distributed!) point of view for all of the services that are         provided by the cloud data management service. Note that the         multi-node management capabilities of the distributed database         are separate from the tables that are used to track time-series         information for objects that were described in the previous         section; the distributed database may be configured to have         separate tables to track data for each of these two capabilities         (as well as for others).

The distributed database service instances distributed across multiple nodes can communicate frequently as needed to update each other and respond to quorum confirmations (or other quorum operations); other different sets of collaborating service instances may also be configured to communicate with each other both independently or via the distributed database. How nodes and services interact can be dynamic based on the health and/or status of the distributed system as a whole. For instance, in some scenarios distributed data caching service instances may communicate among themselves directly to determine which nodes are caching requested objects. Alternatively, in some scenarios they may collectively track such information in the distributed database. For example, in one configuration the data caching service instance in a node receiving an object request from a client may query a set of object-cache tracking tables in the distributed database to determine whether it can contact a peer service instance in another management node directly to access a cached object instead of loading the object from the cloud storage system. Hence, multiple service instances that execute on sets of nodes in the cloud data management service may both communicate within their own peer group (e.g., all of the distributed data caching service instances on different management nodes communicating with each other, or the distributed database service instances located on different nodes communicating) as well as between higher-level services and nodes (e.g., the distributed data caching service instance on one node communicating with the distributed database service instance on the same and/or another node to look-up cached objects).

In some embodiments, the multi-node management portion of the distributed database tracks pending jobs that need to be completed (e.g., in a database table that is dedicated to tracking pending and/or scheduled jobs), and nodes (e.g., a management service on each node) may be configured to periodically check this pending jobs list to determine whether there are any service instances (or “jobs”) that should be initiated. In some embodiments, nodes are all considered equal, and no jobs are assigned to specific nodes; any job can execute at any node at any given time. A node considering whether to initiate a given job may consider the availability of local resources (e.g., the local CPU and available compute cycles, memory or storage size, etc), other conditions (such as location) and any specific requirements that are associated with that job. Multiple nodes may simultaneously determine that there are unclaimed jobs on (or being added to) this pending jobs list; multiple nodes attempting to initiate the same pending job can coordinate through the distributed database using global locks to determine which node will actually execute the job. For instance, multiple nodes may attempt (via the distributed database) to acquire a global lock that is needed to claim an available job, but database quorum procedures ensure that only one node actually receives the lock/permission to do so. That winning node then updates the database to indicate that it is executing the job, and proceeds to do so; the other requesting jobs that do not receive the lock detect that that specific job is no longer pending and abandon their request.

Note that nodes and services in the cloud data management service may be unaware of what many or even the majority of the other nodes and services in the system are doing at any given moment—while a set of peer services executing on a set of nodes may collaborate to provide a specific service, generally services do not receive point-to-point updates from all of the other services on their host nodes or other nodes. If additional information about any other service(s) is needed, a service and/or node can contact the distributed data service (via any node executing a distributed database service instance) to submit a query and receive the requested information and/or updates. For instance, an overloaded service on a node might submit a request via the distributed database that additional services of the same type be instantiated on different nodes, e.g. by acquiring a lock (to ensure that other services of the same type or other services in general do not collide when submitting requests in parallel) and adding a job request to the pending jobs list. The distributed database tracks and maintains up-to-date status information for the cluster, and can serve as a scalable central point for requests and logging of needs and current operations.

Multi-node management tasks execute in parallel with services that actually receive and respond to client requests (i.e., management services execute in addition to the actual workload that is being performed by the cluster in response to incoming client requests). In some embodiments, distributed services that are used to monitor, manage, and maintain the cluster include, but are not limited to per-node service management (e.g., monitoring which nodes are executing on a given node and determining whether more can be initiated), monitoring, high availability, garbage collection, replication, policy enforcement, backup, search/indexing, and logging services.

In some embodiments, a set of monitoring services may collaborate to monitor for and handle service failures and ensure high availability for the cloud data management service. For instance, this set of services may maintain a tracking table in the distributed database that lists the set of active nodes and services, which services nodes are respectively executing, and when both nodes and specific services last interacted with the distributed database (e.g., by periodically scanning logs to see the last time a node or service initiated a job, completed a job, queried the distributed database for information, participated in a database quorum operation, etc.). Such services can ping nodes and/or services that have not shown any activity in a recent timeframe, and if there is no response, flag a possible failure. One possible response to failure would be to queue a set of replacement jobs on the pending job list (in the distributed database), so that any failed services can be restarted on new, operational nodes if needed. Using the distributed database (and its locking mechanisms) as a mediator for performing such operations ensures that multiple nodes do not interfere with each other by trying to initiate the same fail-over response simultaneously.

In some embodiments, a policy management service acts as a policy agent to track and enforce a set of policies that have been defined for the cluster. For instance, administrators may set policies for a range of different parameters including, but not limited to, replication, levels and granularity of deduplication (or disabling deduplication), backups, logging, and garbage collection. Multiple instances of the policy management service operate as a distributed policy management system that enforces such policies; new nodes or services can query the policy management service to receive a set of policy instructions, and the policy management service can check to confirm that policies are being adhered to by analyzing other services' outputs via the distributed database. Note that managing service replication for the cluster may involve both monitoring and policy. For instance, a policy may specify how to increase the number of replicated service instances for one or more difference services as the overall set of services and nodes in the cluster grows, to ensure that high availability is maintained. Hence, the policy management service may also be configured to track the number, proportion, and workload of service instances in the cluster, and initiate new instances of services (via the above-described pending jobs list) as needed or flag that more nodes are needed to maintain a service availability level or ratio specified by a policy.

In some embodiments, a set of garbage collection services work cooperatively to remove obsolete or unneeded data from the cloud storage system and cloud data management service. For instance, in the context of the object storage capabilities described in the previous section, a policy may specify how long old versions of objects should be stored in the cloud storage system. In some scenarios, the policy may specify that older versions of objects should remain persistent as long as they are referenced by a snapshot. The garbage collection services can scan the distributed database to determine any unreferenced objects that are still stored in the cloud storage system or cached in any nodes, delete such objects from their respective buckets, and then update the time-series database to reflect these changes. In some embodiments, the garbage collection services might instead reduce storage costs by moving older versions of objects into secondary storage (e.g., persistent storage on nodes or outside of the cloud instead of in a more expensive cloud storage system) and updating the time-series database to reflect these changes. Note that multiple garbage collection services executing on different nodes can leverage the distributed database to collaboratively perform such operations, for example by cooperatively using the distributed database to claim and identify different portions of the object space that they will be scanning and operating upon.

In some embodiments, the same cluster of management nodes may support multiple distinct distributed database instances that manage data for different clients. For instance, each management node may host multiple distributed database service instances that do not interact with each other. For example, such services might not have overlapping tasks and hence never operate upon the same set of shared data even if they are supporting the same set of clients, or potentially might even operate upon completely different data sets while applying different policies for completely different sets of clients. A given node might also execute multiple distinct database instances that are associated with different sets of data being accessed by distinct sets of clients and applications. Whenever a new service is initiated on a given node it is configured with a specific set of contact information that includes enough look-up information to access its associated distributed database and peer services if needed. Over time such services can gather more such information (e.g., from the distributed database) to ensure that they can re-establish contact across node failures if needed.

Distributed Journal Service

In some embodiments, the distributed nodes of the cluster support a distributed journal service that ensures that new data received by nodes cannot be lost due to a node failure before it is written persistently to the cloud storage system. For instance, because of the nature of the distributed nodes and distributed database, there may be some time delay after a given node has received new data from a client but is still waiting for requests to be confirmed by a quorum set of distributed database nodes; during such intervals this receiving node becomes a single point of failure and is vulnerable to node, network, and/or other failures could cause such new data to be lost. Hence, multiple nodes in the cluster are configured to act as a distributed log that can persistently log and preserve incoming data to prevent loss in case of failures or errors. The distributed log leverages persistent storage on each of the nodes executing a logging service to provide a shared storage pool that can be written to by any service that needs logging services. Note that this is distinct from a dedicated logging server, which would involve dedicated, specially-allocated storage space that could not be applied to other purposes even when idle. Instead, a large number of journaling service instances on multiple nodes, each of which has only limited individual space, can combine to provide an adaptable, scalable journal service without requiring special resources. The number of nodes and service instances allocated to journaling can be adjusted dynamically based on the number of requests and amount of space needed.

FIG. 5 illustrates a scenario in which several management nodes (109, 110, and 112) also execute a distributed logging service 402 that can log data to persistent storage that is local to the respective management node executing the logging service. If needed, the contents of these logs can be reconstructed to recreate new data that was lost—FIG. 5 illustrates a logical view of distributed log 400, which does not exist as a contiguous physical entity in the cluster but illustrates the notion of the contents of the distributed logs that could be pieced into a single contiguous log if needed. In the scenario illustrated in FIG. 5, a client 120 is writing new data to management node 111 (Operation 1). In parallel with performing a set of operations (not shown) that are needed to add the new data to cloud storage system 102 (e.g., update the distributed database, ensure quorum receipt, etc.), management node 111 also logs the new data and transaction information to the distributed logging services 402 executing on management nodes 109, 110, and 112 (Operation 2). Logging new data in parallel to multiple logging nodes ensures that the new data remains safe and available across a range of failures; the number of duplicate log destinations may depend on the scale of the cluster, the importance of the data being logged, and/or other factors, and may be specified by a policy agent service (described above) and/or service-level agreement. The node requesting to log data may also confirm (and ensure) that it has received acknowledgements that the requested data has been successfully stored by a quorum number of logging nodes. A record of logging transactions may also be written to the distributed database.

In the case a monitoring service detects a node failure (e.g., the failure of management node 111), a recovery service can be initiated to look-up, analyze, and recover transactions and recover data that was logged by the failed node. For instance, the recovery service might be configured to search in the distributed database for log records that are associated with the failed node's identifier and then contact logging services to reconstruct and properly process and store any data that was not successfully processed before the failure. Ideally, such recovery efforts would typically only be needed infrequently in error/failure situations.

In some embodiments, each instance of distributed logging service 402 is associated with some form of persistent storage that can store data across power failures (e.g., a solid state drive or other non-volatile storage device). For instance, an instance might be either a virtual or physical machine executing in a cloud data center or elsewhere, as long as the instance is associated with some interface that ensures that it can write to persistent storage. In some scenarios a logging service may even include a dedicated physical storage unit in a data center or leverage an additional (distinct) cloud storage system. Parameters such as availability, storage size, read and write latency, and network or storage bandwidth can be factors both for nodes choosing logging targets as well as for nodes that are determining whether to instantiate a distributed logging service locally. For example, log data may be written in same-sized increments (e.g., 2 Gbyte chunks) that are indexed using the distributed database (both for search/look-up purposes if needed after a failure as well as for later garbage collection). Logged data is only needed for a certain timeframe; after all of the data in one of these chunks has been confirmed to be successfully flushed to a cloud storage system (or some other high-reliability and/or redundant backend storage system), the logged version of the data is no longer needed and the chunk can be freed on the logging nodes using a background garbage collection service so that the space can be re-used for other subsequent log operations. Maintaining and clearing old content from the distributed log facilitates maintaining the abstraction of an infinite storage journal that any requesting service can stream data to on an ongoing basis.

In some embodiments, a monitoring service can be configured to track the status of available log space and throughput capacity and either trigger deletes or the instantiation of additional logging service instances as needed. For instance, logging services may leverage a shared table in the distributed database to track their peers' respective status, load, availability, and other information. Management nodes seeking to initiate logging operations may select specific target logging services based on such information, for instance in the process taking care that they are not logging to two distributed logging services that reside on the same management node (which would somewhat defeat the purpose of distributed logging).

In summary, a distributed journaling service ensures that new data and requests that are being received by the cloud data management service are logged and can be recovered across a range of possible errors or failures. This distributed journaling service can be leveraged by all of the other services executing in the cluster, enabling them to simultaneously log to multiple different nodes to ensure that the new data is protected. A separate garbage collection process can leverage the distributed database to determine and clear out log data that is no longer needed, thereby ensuring that the instances of the journaling service have an abstraction of unlimited log space.

Elastic Search

In some embodiments, a multi-node cluster that includes the above-described multi-node management techniques (and possibly also leverages a time-series database) is used to provide distributed elastic search capabilities. For instance, multiple nodes in the cluster may be configured to execute instances of an existing application such as the elasticsearch distributed search engine to organize, manage, and provide search capabilities for a set of data (e.g., a set of data for an enterprise). Such an existing application may include its own internal cluster-based database to manage search data, but then have the data files that store this internal database be managed by the multi-node management system using the distributed time-series database (e.g., the actual data files and the metadata for the data files used by the elastic search application might be stored redundantly across the cluster in a manner that is managed and synchronized using the time-series database).

Consider, for instance, the previously-mentioned video search application that executes in the cloud computing environment. In one embodiment, video tags are metadata that is associated with videos that are being recorded and/or processed. For instance, video tags may be attached to a video or one or more portions of a video to identify a geographic location, a timeframe, a person's name, or to identify anything else in the video that might be searched for (i.e., looked up) at a later time. The video tags (along with references to their specific associated video segments) from a large number of videos might be read, parsed, and then organized into an index by the elasticsearch instances. Subsequent video searches can then access this index to search for matching videos based on a range of search keys and filters.

Note that such an application may be structured in a range of different ways. For instance, in some embodiments the cluster may store both the videos and the video metadata. Alternatively, other infrastructure may be used to store the video, and the cluster only maintains the metadata and search capabilities. In some embodiments, a hybrid approach enables videos to be stored both in the cluster as well as in externally-managed infrastructure. Because the system is decentralized and distributed, there are no scalability constraints; the tags for a wide range (and location) of videos can be combined into a combined index that enables a user to search upon the full namespace of all of the videos, with the search output indicating the location(s) of the search results. A user searching for videos may be directed to and connect to a graphical user interface (GUI) presented by an elasticsearch instance in the cluster; upon entering the desired video tags, the elasticsearch instance initiates a distributed search and returns any results via the GUI.

While the above-described examples describe video tags and video search, similar techniques can be used to perform deep content search on any type of data. Furthermore, other distributed applications can be executed in the cluster similarly (and also simultaneously), supported by the multi-node management system and the time-series database, which manages their configuration, data files, etc.

Computing Environment

In summary, embodiments of the present invention facilitate storing and managing data in a cloud computing environment. In some embodiments of the present invention, techniques for managing and/or accessing data stored in a cloud computing environment can be incorporated into a wide range of computing devices in a computing environment. For example, FIG. 7 illustrates a computing environment 700 in accordance with an embodiment of the present invention. Computing environment 700 includes a number of computer systems, which can generally include any type of computer system based on a microprocessor, a mainframe computer, a digital signal processor, a portable computing device, a personal organizer, a device controller, or a computational engine within an appliance. More specifically, referring to FIG. 7, computing environment 700 includes clients 710-712, users 720 and 721, servers 730-750, network 760, database 770, devices 780, appliance 790, and cloud-based storage system 795.

Clients 710-712 can include any node on a network that includes computational capability and includes a mechanism for communicating across the network. Additionally, clients 710-712 may comprise a tier in an n-tier application architecture, wherein clients 710-712 perform as servers (servicing requests from lower tiers or users), and wherein clients 710-712 perform as clients (forwarding the requests to a higher tier).

Similarly, servers 730-750 can generally include any node on a network including a mechanism for servicing requests from a client for computational and/or data storage resources. Servers 730-750 can participate in an advanced computing cluster, or can act as stand-alone servers. For instance, computing environment 700 can include a large number of compute nodes that are organized into a computing cluster and/or server farm. In one embodiment of the present invention, server 740 is an online “hot spare” of server 750.

Users 720 and 721 can include: an individual; a group of individuals; an organization; a group of organizations; a computing system; a group of computing systems; or any other entity that can interact with computing environment 700.

Network 760 can include any type of wired or wireless communication channel capable of coupling together computing nodes. This includes, but is not limited to, a local area network, a wide area network, or a combination of networks. In one embodiment of the present invention, network 760 includes the Internet. In some embodiments of the present invention, network 760 includes phone and cellular phone networks.

Database 770 can include any type of system for storing data in non-volatile storage. This includes, but is not limited to, systems based upon magnetic, optical, or magneto-optical storage devices, as well as storage devices based on flash memory and/or battery-backed up memory. Note that database 770 can be coupled: to a server (such as server 750), to a client, or directly to a network. Alternatively, other entities in computing environment 700 (e.g., servers 730-750) may also store such data. Database 770 may also be a distributed time-series database.

Devices 780 can include any type of electronic device that can be coupled to a client, such as client 712. This includes, but is not limited to, cell phones, personal digital assistants (PDAs), smartphones, personal music players (such as MP3 players), gaming systems, digital cameras, portable storage media, or any other device that can be coupled to the client. Note that, in some embodiments of the present invention, devices 780 can be coupled directly to network 760 and can function in the same manner as clients 710-712.

Appliance 790 can include any type of appliance that can be coupled to network 760. This includes, but is not limited to, routers, switches, load balancers, network accelerators, and specialty processors. Appliance 790 may act as a gateway, a proxy, or a translator between server 740 and network 760.

Cloud-based storage system 795 can include any type of networked storage devices (e.g., a federation of homogeneous or heterogeneous storage devices) that together provide data storage capabilities to one or more servers and/or clients.

Note that different embodiments of the present invention may use different system configurations, and are not limited to the system configuration illustrated in computing environment 700. In general, any device that includes computational and storage capabilities may incorporate elements of the present invention.

FIG. 8 illustrates a computing device 800 that includes a processor 802. Computing device 800 also includes a receiving mechanism 804, a storage management mechanism 806, and a storage mechanism 808.

In some embodiments, computing device 800 uses receiving mechanism 804, storage management mechanism 806, and storage mechanism 808 to manage data in a cloud computing environment. For instance, storage mechanism 808 can store metadata that is associated with data that is stored in the cloud computing environment (e.g., metadata in the form of distributed time-series database tables), and computing device 800 can use receiving mechanism 804 to receive a request to access an object in the cloud computing environment. Program instructions executing on processor 802 can traverse the stored metadata to identify metadata entries that are associated with the requested object and/or buckets or virtual buckets that are associated with the requested object. Storage management mechanism 806 can use this metadata entry to download request the object from a cloud storage system.

In some embodiments of the present invention, some or all aspects of receiving mechanism 804, storage management mechanism 806, and/or a filesystem device driver can be implemented as dedicated hardware modules in computing device 800. These hardware modules can include, but are not limited to, processor chips, application-specific integrated circuit (ASIC) chips, field-programmable gate arrays (FPGAs), memory chips, and other programmable-logic devices now known or later developed.

Processor 802 can include one or more specialized circuits for performing the operations of the mechanisms. Alternatively, some or all of the operations of receiving mechanism 804, storage management mechanism 806, and/or a filesystem device driver may be performed using general-purpose circuits in processor 802 that are configured using processor instructions. Thus, while FIG. 8 illustrates receiving mechanism 804 and/or storage management mechanism 806 as being external to processor 802, in alternative embodiments some or all of these mechanisms can be internal to processor 802.

In these embodiments, when the external hardware modules are activated, the hardware modules perform the methods and processes included within the hardware modules. For example, in some embodiments of the present invention, the hardware module includes one or more dedicated circuits for performing the operations described above. As another example, in some embodiments of the present invention, the hardware module is a general-purpose computational circuit (e.g., a microprocessor or an ASIC), and when the hardware module is activated, the hardware module executes program code (e.g., BIOS, firmware, etc.) that configures the general-purpose circuits to perform the operations described above.

The foregoing descriptions of various embodiments have been presented only for purposes of illustration and description. They are not intended to be exhaustive or to limit the present invention to the forms disclosed. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. Additionally, the above disclosure is not intended to limit the present invention. The scope of the present invention is defined by the appended claims. 

What is claimed is:
 1. A computer-implemented method for managing objects stored in a cloud storage system, the method comprising: receiving in a distributed cloud data management system (DCDMS) a request to access an object, wherein the DCDMS presents client applications with an abstraction of buckets of stored objects and manages how these stored objects are stored in a cloud storage system, wherein the DCDMS provides additional extended capabilities that are not directly supported by the cloud storage system, wherein the DCDMS comprises a distributed time-series database that executes on multiple, distinct compute nodes to collectively track client object requests received by the DCDMS, wherein the request comprises a path identifier and an object identifier; determining from the path identifier that the request is associated with an extended capability provided by the DCDMS; using the tracked object operations in the distributed time-series database to determine a target bucket in the cloud storage system that contains the requested object, wherein the target bucket is different from the bucket identified in the path identifier; and using the object identifier to access the requested object from the target bucket to service the request.
 2. The computer-implemented method of claim 1, wherein the extended capability involves performing an operation that comprises one or more of: a snapshot operation that enables a client application to record the object state for the objects in a bucket at a specified point in time; a clone operation that enables the client application to create a virtual copy-on-write duplicate of the bucket and the objects associated with the bucket at a given point in time; and a roll-back operation that enables the client application to revert the object state for the objects that are associated with a given bucket to an earlier point in time.
 3. The computer-implemented method of claim 2, wherein the DCDMS is layered on top of the cloud storage system; wherein the cloud storage system provides extensible, but expensive, storage capabilities that can scale to meet client needs; and wherein the DCDMS deduplicates object data being stored to the cloud storage system to reduce the storage cost associated with using the cloud storage system.
 4. The computer-implemented method of claim 3, wherein the distributed time-series database is distributed across multiple distributed database instances that execute on the multiple, distinct compute nodes; wherein any of the distributed database instances can be contacted to record an object access or perform the operation, and the multiple distributed database instances use election-based techniques to ensure that a quorum number of distributed database instances have successfully acknowledged pending operations before said operations are considered committed; and wherein the DCDMS uses the distributed time-series database to track when objects are created, accessed, updated, and deleted, and each distributed database instance distributes tracking information for every object access and the operation to the other distributed database instances of the DCDMS.
 5. The computer-implemented method of claim 4, wherein tracking object metadata in the distributed time-series database facilitates rapidly determining object existence, state, and version information for specific time instances without needing to scan object tables or a filesystem; and wherein the distributed time-series database uses the path identifier and the object identifier as search keys when searching the tracked object metadata to find the target bucket for the requested object.
 6. The computer-implemented method of claim 5, wherein performing the snapshot operation comprises: receiving a client request to record the object state for the objects in the bucket at the specified point in time; storing in the distributed time-series database a set of metadata that references the existing objects of the bucket that are valid at the specified point in time, wherein the set of metadata for the snapshot operation is associated with a virtual snapshot bucket that has a distinct path that can be used by client applications to access the snapshotted state of the bucket; and wherein the snapshot operation does not create any additional copies of the existing objects in the bucket when performing the snapshot operation.
 7. The computer-implemented method of claim 6, wherein the path identifier matches the distinct path of the virtual snapshot bucket; wherein the request is received some time interval after the specified point in time, and requests to access the object in the context of the specified point in time; wherein determining the target bucket comprises analyzing the object identifier and the object metadata associated with the virtual snapshot bucket to determine the target bucket, wherein the target bucket is determined to be one of the bucket or an ancestor of the bucket; and accessing the requested object in the target bucket.
 8. The computer-implemented method of claim 7, wherein the time-series database tracks the set of objects that are valid in the bucket at the specified point in time, and the DCDMS uses the tracked object access data to ensure that objects that were no longer valid in the bucket at the specified point in time and that objects that are created or modified in the bucket after the specified point in time are not considered valid objects in the context of the virtual snapshot bucket.
 9. The computer-implemented method of claim 5, wherein performing the clone operation comprises: receiving a client request to clone the object state for the objects in the bucket at the given point in time; creating a clone bucket in the cloud storage system, wherein the clone bucket has a distinct path that can be used by client applications to access the cloned state of the bucket; and storing in the distributed time-series database a set of metadata that references the existing objects of the bucket that are valid at the given point in time without copying any of the existing objects from the bucket to the clone bucket; wherein the set of metadata is associated with the clone bucket in the distributed time-series database; and wherein copy-on-write semantics allow clone operations to execute very quickly because there is no need to wait for object copy operations to complete and minimize the amount of duplicate data that needs to be stored in the cloud storage system.
 10. The computer-implemented method of claim 9, wherein new objects can be written to the cloned bucket and the (original) bucket independently, and the distributed time-series database tracks the set of new objects that are written to the (original) bucket and the cloned bucket respectively; wherein the DCDMS uses the object tracking data in the distributed time-series database to ensure that new objects written to the bucket after the clone operation are not visible in the context of the clone bucket and that new objects written to the clone bucket after the clone operation are not visible in the context of the (original) bucket; wherein the path identifier matches the distinct path of the clone bucket; wherein determining the target bucket comprises analyzing the object identifier and the object metadata associated with the clone bucket to determine the target bucket, wherein the target bucket is determined to be: the clone bucket if the object identifier identifies an object in the clone bucket that was created or modified after the clone operation occurred; either the (original) bucket or an ancestor of the (original) bucket if the object identifier is associated with an object that existed before the clone operation occurred; and accessing the requested object in the target bucket.
 11. The computer-implemented method of claim 9, wherein the path identifier matches the distinct path of the clone bucket and the request is a delete request and the target bucket is the clone bucket; wherein objects can be deleted from the cloned bucket and the (original) bucket independently, and the distributed time-series database tracks the set of objects that have been deleted from the (original) bucket and the cloned bucket respectively; wherein in response to the deletion request the DCDMS updates the object metadata in the distributed time-series database to indicate that the object has been deleted from the target bucket; wherein the object remains valid in the context of the (original) bucket and is not deleted completely from the (original) bucket to ensure that other references to the object are not broken and to enable subsequent roll-back operations for the bucket.
 12. The computer-implemented method of claim 5, wherein performing the roll-back operation comprises: receiving a client request to revert the object state for the objects in the given bucket to the earlier point in time; creating a roll-back bucket in the cloud storage system, wherein the roll-back bucket has a distinct path that can be used by client applications to access the earlier state of the given bucket; and analyzing the object creation, update, and delete records for the given bucket that are stored in the distributed time-series database to determine the versions of objects that were valid for the given bucket at the earlier point in time and then storing a set of metadata that references these versions of objects in the distributed time-series database without copying any of the previous versions of the objects from the given bucket to the clone bucket; wherein the set of metadata is associated with the roll-back bucket in the distributed time-series database; and wherein copy-on-write semantics allow roll-back operations to execute very quickly because there is no need to wait for object copy operations to complete and minimize the amount of duplicate data that needs to be stored in the cloud storage system.
 13. The computer-implemented method of claim 12, wherein new objects can be written to the roll-back bucket and the given bucket independently, and the distributed time-series database tracks the set of new objects that are written to the given bucket and the roll-back bucket respectively; wherein the DCDMS uses the object tracking data in the distributed time-series database to ensure that new objects written to the given bucket after the roll-back operation are not visible in the context of the roll-back bucket and that new objects written to the roll-back bucket after the roll-back operation are not visible in the context of the given bucket; wherein the path identifier matches the distinct path of the roll-back bucket; wherein determining the target bucket comprises analyzing the object identifier and the object metadata associated with the roll-back bucket to determine the target bucket, wherein the target bucket is determined to be: the roll-back bucket if the object identifier identifies an object in the roll-back bucket that was created or modified after the roll-back operation occurred; either the given bucket or an ancestor of the given bucket if the object identifier is associated with an object that existed before the roll-back operation occurred; and accessing the requested object in the target bucket.
 14. The computer-implemented method of claim 5, wherein performing the roll-back operation comprises: determining a set of existing snapshot operations that have been taken in the past for the given bucket; analyzing the set of existing snapshot operations to determine a snapshot bucket that is closest to the earlier point in time; creating a roll-back bucket in the cloud storage system, wherein the roll-back bucket has a distinct path that can be used by client applications to access the earlier state of the snapshot bucket; and copying a set of metadata associated with the snapshot bucket in the distributed time-series database and associating the copied set of metadata with the roll-back bucket; wherein the snapshot bucket, given bucket and roll-back buckets are distinct buckets that can be accessed separately by client applications, and new objects can be written to the roll-back bucket independently of the given bucket and the snapshot bucket.
 15. The computer-implemented method of claim 5, wherein multiple successive snapshot, clone, and roll-back operations upon a same bucket or snapshotted, cloned, or rolled-back versions of the same bucket can lead to a hierarchy of snapshot, clone, and roll-back buckets that share the same bucket as a root bucket; wherein the DCDMS tracks and analyzes the object metadata for such hierarchies of buckets as needed to determine the correct target bucket for each given client request based on the provided object identifier and the path identifier.
 16. The computer-implemented method of claim 15, wherein one or more client applications simultaneously access the same object in the same target bucket via the different distinct paths for different clone, rollback, and snapshot buckets, with the meta-data in the distributed time-series database determining in each respective object access via different distinct paths that the mapping for each different object access refers back to the same object in the same target bucket.
 17. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing objects stored in a cloud storage system, the method comprising: receiving in a distributed cloud data management system (DCDMS) a request to access an object, wherein the DCDMS presents client applications with an abstraction of buckets of stored objects and manages how these stored objects are stored in a cloud storage system, wherein the DCDMS provides additional extended capabilities that are not directly supported by the cloud storage system, wherein the DCDMS comprises a distributed time-series database that executes on multiple, distinct compute nodes to collectively track client object requests received by the DCDMS, wherein the request comprises a path identifier and an object identifier; determining from the path identifier that the request is associated with an extended capability provided by the DCDMS; using the tracked object operations in the distributed time-series database to determine a target bucket in the cloud storage system that contains the requested object, wherein the target bucket is different from the bucket identified in the path identifier; and using the object identifier to access the requested object from the target bucket to service the request.
 18. A distributed cloud data management system (DCDMS) located in a cloud data center that manages objects stored in a cloud storage system, comprising: a processor that supports executing multiple different lightweight services in a single virtual machine using docker containers; and a storage management mechanism; wherein the processor receives a request to access an object managed by the DCDMS, wherein the DCDMS presents client applications with an abstraction of buckets of stored objects and uses the storage management mechanism to manage how these objects are stored in the cloud storage system, wherein the DCDMS provides additional extended capabilities that are not directly supported by the cloud storage system, wherein the DCDMS comprises a distributed time-series database that executes on multiple, distinct compute nodes to collectively track client object requests received and managed by the DCDMS, wherein an instance of the distributed time-series database executes in a docker container on the single virtual machine, wherein the request comprises a path identifier and an object identifier; wherein the instance determines from the path identifier that the request is associated with an extended capability provided by the DCDMS; wherein the instance uses the tracked object operations to determine that a target bucket in the cloud storage system contains the requested object, wherein the target bucket is different from the bucket identified in the path identifier; and wherein the storage management mechanism uses the object identifier to access the requested object from the target bucket to service the request. 